Web Application Firewall: The Missing Layer

The end-to-end security of an application relies on multiple secure layers. The defence-in-depth principle itself justifies having several security controls, each targeting one or more specific security needs of the application. A Web Application Firewall (WAF) is one such layer: it covers security gaps the application itself does not, by mitigating attacks before they actually reach the application. WAFs are often a neglected component, because they are compared directly with secure application development and with intrusion prevention systems (IPS) instead of being seen as complementing both.
 
A WAF is a security component that sits between end users and the web application and works by analysing the incoming requests to the application. It inspects both GET and POST requests (URL, parameters and body) and applies rules to filter illegitimate traffic from legitimate application visitors. WAFs have an advantage over an IPS in their ability to use rules that specify what legitimate traffic should look like (a positive security model), not only signatures of known attacks. In addition, WAFs understand web application logic at layer 7, the application layer, rather than only packets and sessions. They provide protection against web-based threats such as SQL injection, parameter or URL tampering, cross-site scripting (XSS), session hijacking and over-long inputs aimed at buffer overflows in the server. WAFs are generally deployed in front of the web application in a reverse-proxy fashion, analysing the content of each request before passing it on, so they see the traffic before it reaches the web application. A WAF can be configured either to alert on or to block known and unknown attacks by inspecting unusual or unexpected patterns in the incoming requests.
 
The need for a WAF increases when the application is a mix of legacy and new development, which makes it difficult to maintain the overall security of the application because no consistent security approach has been followed across the whole codebase. In such cases a WAF provides a filter on incoming web traffic that lets through only "good traffic", regardless of which part of the application a request targets.
 
The benefits of a WAF include detecting attacks and logging them. A WAF can forward the attack vector it encountered, with the details of the offending request, to a SIEM solution for monitoring and correlation.
Another key feature is that the WAF protects the web server as well as the web application, since requests are inspected before either of them sees them.
 
The most effective use of a WAF is "virtual patching". Consider a scenario in which a previously unknown (zero-day) vulnerability has been found in your application or server. A code fix is required, but developing, testing and deploying it may take time. Writing a rule based on the observed attack vector and deploying it on the WAF provides the required protection from the exploit in the meantime. The caveat is that such a rule blocks only the vector it describes; variants of the attack may bypass it, so the code fix must still follow.
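The following is an added example, written for this page and not code from the original article or from any WAF product, showing in miniature what the preceding passages describe: inspection of GET and POST parameters before they reach the application, a positive model that states what legitimate traffic looks like, negative "virtual patch" rules for an observed attack vector, an alert-only versus blocking mode, and a structured log line of the kind forwarded to a SIEM. The paths, parameter rules, rule names (VP-1, VP-2) and sample requests are all constructed for the example.

```python
"""Toy WAF request filter: an added example, not code from the article.

It models the article's points: inspect GET and POST parameters before they
reach the application, decide with a positive model ("what legitimate traffic
looks like") plus negative "virtual patch" rules, and emit a structured log
line a SIEM could ingest. Paths, rule names and requests are constructed.
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit


@dataclass
class Request:
    method: str
    url: str
    body: str = ""  # application/x-www-form-urlencoded, for the example

    def params(self) -> Dict[str, List[str]]:
        """Merge query-string (GET) and body (POST) parameters."""
        merged = parse_qs(urlsplit(self.url).query, keep_blank_values=True)
        if self.method == "POST":
            for k, v in parse_qs(self.body, keep_blank_values=True).items():
                merged.setdefault(k, []).extend(v)
        return merged


@dataclass
class Decision:
    action: str                  # "allow", "block" or "alert" (detect-only mode)
    rule: Optional[str] = None   # rule that fired, if any
    detail: Optional[str] = None # parameter name that triggered it


# Positive model (hypothetical): per path, the allowed parameter names, the
# pattern each value must fully match, and a maximum length. Over-long values
# are rejected here, which is how a WAF blunts inputs aimed at server overflows.
POSITIVE_MODEL = {
    "/login": {"user": (r"[A-Za-z0-9_.@-]{1,64}", 64), "pass": (r".{1,128}", 128)},
    "/search": {"q": (r"[^<>'\"]{0,100}", 100)},
}

# Virtual patches (hypothetical VP-1, VP-2): negative rules written from an
# observed attack vector, deployed on the WAF while the code fix is pending.
VIRTUAL_PATCHES = [
    ("VP-1", re.compile(r"(?i)\bunion\s+select\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+")),
    ("VP-2", re.compile(r"(?i)<\s*script\b")),
]


def inspect(req: Request, mode: str = "prevent") -> Decision:
    """Return the WAF decision for one request. mode: "prevent" or "detect"."""
    decision = _evaluate(req)
    if mode == "detect" and decision.action == "block":
        decision.action = "alert"  # log only, let the request through
    return decision


def _evaluate(req: Request) -> Decision:
    path = urlsplit(req.url).path
    params = req.params()
    # Virtual patches run first: a known exploit is blocked on any path, even
    # one whose positive model would otherwise accept the value (e.g. /login pass).
    for name, pattern in VIRTUAL_PATCHES:
        for key, values in params.items():
            if any(pattern.search(v) for v in values):
                return Decision("block", name, key)
    rules = POSITIVE_MODEL.get(path)
    if rules is None:
        return Decision("allow")  # no model for this path; nothing to compare to
    for key, values in params.items():
        if key not in rules:
            return Decision("block", "unexpected-param", key)
        regex, max_len = rules[key]
        for v in values:
            if len(v) > max_len or re.fullmatch(regex, v) is None:
                return Decision("block", "value-format", key)
    return Decision("allow")


def siem_record(req: Request, decision: Decision) -> str:
    """One JSON line per request, the shape of record forwarded to a SIEM."""
    return json.dumps({"method": req.method, "path": urlsplit(req.url).path,
                       "action": decision.action, "rule": decision.rule,
                       "detail": decision.detail}, sort_keys=True)


if __name__ == "__main__":
    samples = [  # constructed traffic
        Request("GET", "/search?q=firewall"),
        Request("POST", "/login", "user=alice&pass=s3cret"),
        Request("POST", "/login", "user=alice&pass=' OR '1'='1"),
        Request("GET", "/search?q=<script>alert(1)</script>"),
        Request("GET", "/login?user=alice&debug=1"),
    ]
    for r in samples:
        print(siem_record(r, inspect(r)))
```

The ordering is deliberate: a virtual patch is checked before the positive model because the `pass` field on `/login` legitimately accepts almost any character, so only the negative rule catches the injection there. Running the same requests with `mode="detect"` turns each block into an alert, which is how a rule is normally trialled against production traffic before it is switched to prevention. The regular expressions in VP-1 and VP-2 cover only the vector they were written from, which is the limitation of virtual patching noted above.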
 
Application architects must consider the features a WAF can provide when designing the security of an application, treating it as an additional layer rather than a substitute for secure code.
 
By Saba Naaz

 


There is 1 Comment

Rightly said..... WAF is a good way to augment our IPSs...... Configuring WAFs in the right way is also a critical task, to avoid the redundant activity of scanning the same traffic from both IPS and WAF. WAF may only inspect the web application logic, not the raw network traffic.
Would like to know if this differentiation is possible and if yes, how so?
Your comments please....