Web Application Firewall

RASP - Can applications protect themselves?


Web applications are the most common attack vector used to penetrate an organization's network, because websites are complex and are developed by people who have little knowledge of application security. So, what will safeguard organizations as well as provide flexibility for application developers? Many in the industry would suggest implementing a Web Application Firewall (WAF),

A WAF is a filtering technique placed in front of the web application to intercept incoming traffic, identify attack patterns and prevent them from reaching the application.

The Gartner research team states:

Infosec 2016 technical roadmap - Make a choice – Based on your business constraints and technological realities!!!


When we design a security solution, it is important that we understand the business problem, need or opportunity. Our approach and methodologies should be based on that. We also need to optimize the architecture across customer needs, business constraints, and technological realities. For that we need to follow industry trends and standards, from both a business and a technical standpoint.

As a security team, we need to closely watch technology developments to ensure that our organization is effectively positioned to respond to any security threat. We need to develop technical roadmaps for future implementations across the enterprise to ensure the soundness of the solution. We also need to maintain a forward-looking perspective on emerging technology developments and their relevance to both business and technology strategies.

Web Application Firewall - Helping Hand or Not?

We have already read an article by Saba about Introduction on Web Application Firewall. I am extending that topic with more details.

Web Application Firewall:

As per my understanding, a WAF is “A security policy enforcement point positioned between a web application and the client end point. This functionality can be implemented in software or hardware, running in an appliance device, or in a typical server running a common operating system. It may be a stand-alone device or integrated into other network components.”

Web Application Firewall: The Missing Layer

The complete end-to-end security of an application relies heavily on multiple secure layers. The defence-in-depth principle itself justifies having various security solutions, each targeting one or more specific security needs of an application. A Web Application Firewall (WAF) is just that: another layer of security which covers up the missing security holes. A WAF is a way of mitigating attacks before they actually reach your application. WAFs are an often neglected component and are directly compared with secure web applications and intrusion prevention systems.