A Web Application Firewall, commonly abbreviated to WAF, is the first line of defence against a cyber-attack specifically targeting a web application. A WAF works like a protective filter that monitors all HTTP traffic being sent between a user and an application. This traffic is then analysed by the WAF, which detects and blocks any malicious activity based on a set of pre-defined policies. This allows you to identify and preemptively isolate suspicious requests being sent to the website before a malicious user has the chance to gain access. The ability to customise these policies based on your requirements allows you to adapt to new hacking methods to position yourself one step ahead of attackers. This level of flexibility is essential due to the evolving nature of online threats and the escalating complexity and frequency of online breaches.
What sets a WAF apart from a regular network firewall is that the WAF works at the application level, meaning it can detect behaviour that may otherwise go unnoticed. Specifically, for companies that offer customer-facing services such as eCommerce shopping or online banking, a WAF is an essential security asset to ensure the protection of customer information. A vast amount of sensitive data – email addresses, phone numbers, bank details – is stored in databases that can be accessed via the web application. Data of this nature is typically targeted by attackers who will then employ different tactics to exploit unsuspecting users with spam emails and phishing scams. Additionally, the implementation of a WAF is a necessary step in achieving PCI DSS-compliant status, an essential accolade for eCommerce business ventures.
Although a WAF doesn’t offer full protection against every conceivable method of attack available to cyber-criminals, it is a strong and flexible solution that is specifically designed to protect against some of the most effective and widely used threats as defined by OWASP. These include the following:
- SQL Injection: Involves injecting an SQL query or command into a form to gain unauthorised access to a backend database. Once this method has been used, the attacker
- DDoS (Distributed Denial of Service): DDoS attacks overload a server with more traffic than it can process. This typically results in a crash and a loss of service for the website, potentially incurring a huge financial loss as well as leaving the systems in a state of vulnerability for subsequent attacks.
- Zero-day threats: Zero-day threats are vulnerabilities that are exploited as soon as they are discovered, before the flaw can be patched. Often when system software is updated, it can lead to new vulnerabilities being created and abused.
- Cookie Poisoning: This method of attack includes modifying a cookie that is then sent back to the server. This ‘poisoned’ cookie can then be used to make changes, delete data or steal information.
- Web Scraping: Web scraping simply involves extracting data from one site to another.
- Parameter Tampering: Manipulating data sent between the website and the server to ‘tamper’ with information on the site such as prices.
- Buffer overflow: Overloading temporary data storage causing the data to ‘leak’ out. This data can then be modified to trigger a response to reveal private information or cause file damage.
Types of WAF
- Blacklist WAF: A blacklist WAF works on a negative security model to allow most traffic and only isolate specifically known threats to deny access. This method works to a point; however, the list of known threats can quickly become outdated as new security exploits are discovered by hackers.
- Whitelist WAF: A whitelist WAF uses a positive security model to strictly allow access to select users and IP addresses that have been given security clearance and meet specific criteria. This is a much stronger configuration of WAF; however, it can require more maintenance time as users increasingly request approval before being granted access.
- Hybrid WAF: A hybrid WAF uses combined security models from both blacklist and whitelist WAFs to offer a ‘best of both’ solution. This is the most common form of WAF available.
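The three models above, sketched as an added example (not from the original article or any WAF product): the signature list, approved network, paths and parameter formats are constructed assumptions. It shows a tampered price parameter passing the blacklist but failing the whitelist, and a not-yet-approved client being refused by the whitelist.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Negative model: constructed signatures for known-bad input (not a real rule set).
SIGNATURES = [re.compile(p, re.I) for p in
              (r"\bunion\b.+\bselect\b", r"'\s*or\s+'?1'?\s*=\s*'?1")]

# Positive model: constructed approved network, paths and parameter formats.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
ALLOWED_PARAMS = {
    "/basket/add": {"item": re.compile(r"\d{1,8}"), "qty": re.compile(r"[1-9]\d?")},
    "/search": {"q": re.compile(r"[\w ]{1,64}")},
}

def blacklist_allows(client_ip, url):
    """Allow unless a decoded query value matches a known signature (client is ignored)."""
    query = " ".join(v for _, v in parse_qsl(urlsplit(url).query, keep_blank_values=True))
    return not any(sig.search(query) for sig in SIGNATURES)

def whitelist_allows(client_ip, url):
    """Allow only approved clients sending declared parameters in the declared format."""
    if not any(ipaddress.ip_address(client_ip) in net for net in ALLOWED_NETS):
        return False
    parts = urlsplit(url)
    schema = ALLOWED_PARAMS.get(parts.path)
    params = parse_qsl(parts.query, keep_blank_values=True)
    return schema is not None and all(
        k in schema and schema[k].fullmatch(v) for k, v in params)

def hybrid_allows(client_ip, url):
    """A request must pass both models."""
    return whitelist_allows(client_ip, url) and blacklist_allows(client_ip, url)

def evaluate(requests):
    """Return {label: (blacklist, whitelist, hybrid)} verdicts for each request."""
    return {label: (blacklist_allows(ip, url), whitelist_allows(ip, url),
                    hybrid_allows(ip, url)) for label, ip, url in requests}

# Constructed sample traffic using documentation-range IP addresses.
SAMPLE = [
    ("normal", "203.0.113.10", "/basket/add?item=42&qty=2"),
    ("known_sqli", "203.0.113.10", "/search?q=x%27%20OR%20%271%27%3D%271"),
    ("tampered_price", "203.0.113.10", "/basket/add?item=42&qty=1&price=0.01"),
    ("unapproved_client", "198.51.100.7", "/search?q=shoes"),
]

if __name__ == "__main__":
    for label, (bl, wl, hy) in evaluate(SAMPLE).items():
        print(f"{label:18} blacklist={bl} whitelist={wl} hybrid={hy}")
```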
When building and maintaining a business in a rapidly evolving environment like the internet, staying one step ahead of emerging threats can be a significant challenge. With new methods of forcing access and stealing information constantly being exploited by hackers, the ability to adapt to these threats is a necessity. Although advancements in technology continuously offer improved methods of attack for cyber-criminals, they have also spawned many defensive options that you can use to shield yourself online, such as the WAF.