Web application firewall

From Citizendium
Jump to navigation Jump to search
This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see
Category:Articles for deletion.


This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

Web application firewalls (WAF) are devices that limit web application access in an attempt to prevent malicious traffic. As an increasing amount of traffic is directed over traditional web ports (HTTP on port 80 and HTTPS on port 443) web applications have become a larger target for attackers. Ironically, much of the effort to move applications to web based services is an effort to avoid the restrictive filtering of traditional firewalls. Because most organizations allow HTTP/HTTPS traffic, deploying a web based application has the advantage of lower configuration overhead.

Purpose

WAF's function to limit malicious traffic to web applications by applying signatures to incoming traffic. When signatures match the WAF effectively blocks requests to prevent attacks. SQL injection and cross site scripting are two common attacks that can be effectively mitigated using a WAF.

One criticism of WAF's is that they allow insecure programs to persist without suffering the consequences of their flaws. Using a WAF administrators can deploy a virtual patch, by mitigating certain vulnerabilities in software without altering the software itself. This can be a boon to large enterprises where fixing vulnerabilities is a time consuming process. Another situation where a WAF becomes invaluable is when an organization is dependent on third party code to which they do not have access, especially if the vendor is slow (or unable) to release a patch for vulnerabilities in the code.

Types of WAF

Web application firewalls generally fall under two categories: hardware and software. Hardware WAF's are usually turnkey solutions that include the WAF platform and software. Software WAF's are implemented purely in code and can be deployed to existing web servers. The advantage of hardware WAF's is that they do not consume webserver resources. The disadvantage to a hardware WAF is overhead and infrastructure. Both hardware and software WAF's function in fundamentally the same ways, however.

There are several different vendors of WAF's, both closed and open source. The Apache mod security is one popular open source WAF.