WAF (Web Application Firewall)

A Web Application Firewall (WAF) is a security solution that filters, monitors, and blocks Hypertext Transfer Protocol (HTTP) traffic to protect web applications and servers. It applies a set of rules to the conversation between a web application and the internet, separating benign from malicious traffic and preventing potential security threats from reaching the system.

Attacks on web applications and servers come in different forms, such as SQL injection, cross-site scripting (XSS), distributed denial of service (DDoS), file inclusion, security misconfigurations, cookie poisoning, field manipulation, parameter tampering, forced browsing, stealth commanding, and malware infections. Without a protective layer between the network and the application, attackers can get into the server and access a company's sensitive information.

A WAF shields an application against vulnerabilities by routing clients through a rule-based filter before they reach the server. In effect it acts as a reverse proxy: clients send their requests to the WAF, the WAF screens them, and only acceptable traffic is forwarded to the web application. Because it inspects both directions of the HTTP exchange, malicious elements can be detected immediately and stopped before they reach the server, protecting the system from attacks.

Benefits of WAF

WAF runs in a physical device, plugin, or cloud service, and it provides the following advantages:

  • Discovers a web application's security vulnerabilities and coding errors that need immediate fixes
  • Prevents unauthorized transfer of sensitive data away from the application
  • Complements other perimeter defense and protective systems such as firewalls and intrusion prevention tools
  • Averts attacks that bypass the network firewalls and defends a web application without having to access its source code
  • Allows users to quickly modify an application's settings in response to security threats

Blacklist and whitelist WAFs

A WAF can follow a blacklist (negative security) model, a whitelist (positive security) model, or a hybrid of the two. A blacklist WAF protects against known attacks, denying harmful requests that could expose an application's security vulnerabilities. A whitelist WAF, on the other hand, denies unknown traffic by default and allows only trusted, pre-approved requests.
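The following added example (not part of the original article, and not the code of any real WAF product) illustrates the reverse-proxy screening step described above together with the two security models: a negative check that matches decoded parameter values against attack signatures, a positive check that only admits paths, methods, and parameter values listed in an allowlist, and a hybrid mode that requires both to pass. The `ALLOW_POLICY` entries, the signature patterns, and the sample requests are all constructed for this illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit


@dataclass
class Request:
    """A minimal HTTP request as seen by the filtering proxy."""
    method: str
    target: str      # request-target as sent, e.g. "/search?q=laptops"
    body: str = ""   # application/x-www-form-urlencoded body, may be empty

    @property
    def path(self) -> str:
        return urlsplit(self.target).path

    def params(self) -> Dict[str, List[str]]:
        """All parameters, percent-decoded, query string and body merged.
        Decoding first matters: signatures must see the value the
        application will see, not its encoded transport form."""
        merged = parse_qs(urlsplit(self.target).query, keep_blank_values=True)
        for name, values in parse_qs(self.body, keep_blank_values=True).items():
            merged.setdefault(name, []).extend(values)
        return merged


# Negative (blacklist) model: constructed signatures for known attack classes.
DENY_SIGNATURES = [
    ("sqli", re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+\S+\s*=\s*\S+")),
    ("xss", re.compile(r"(?i)<\s*script|javascript\s*:")),
    ("traversal", re.compile(r"\.\./|\.\.\\")),
]

# Positive (whitelist) model: constructed description of what the application
# is known to serve; anything outside it is denied by default.
ALLOW_POLICY = {
    "/search": {"GET": {"q": re.compile(r"^[\w\s\-]{1,100}$")}},
    "/login": {"POST": {
        "username": re.compile(r"^[\w.@\-]{1,64}$"),
        "password": re.compile(r"^.{8,128}$"),
    }},
}


def negative_check(req: Request) -> Tuple[bool, str]:
    """Pass unless a decoded parameter value matches a known-bad signature."""
    for name, values in req.params().items():
        for value in values:
            for label, pattern in DENY_SIGNATURES:
                if pattern.search(value):
                    return False, f"signature {label} in parameter {name}"
    return True, "no known-bad signature"


def positive_check(req: Request) -> Tuple[bool, str]:
    """Pass only if path, method and every parameter are explicitly allowed."""
    methods = ALLOW_POLICY.get(req.path)
    if methods is None:
        return False, f"path {req.path} not in allowlist"
    schema = methods.get(req.method)
    if schema is None:
        return False, f"method {req.method} not allowed on {req.path}"
    for name, values in req.params().items():
        if name not in schema:
            return False, f"unexpected parameter {name}"
        for value in values:
            if not schema[name].fullmatch(value):
                return False, f"parameter {name} fails its allowed pattern"
    return True, "request matches allowlist"


MODES = {
    "negative": [negative_check],
    "positive": [positive_check],
    "hybrid": [positive_check, negative_check],
}


def evaluate(req: Request, mode: str = "hybrid") -> Tuple[str, str]:
    """Return ("allow"|"block", reason) for the given security model."""
    reasons = []
    for check in MODES[mode]:
        ok, reason = check(req)
        if not ok:
            return "block", reason
        reasons.append(reason)
    return "allow", "; ".join(reasons)


if __name__ == "__main__":
    # Constructed sample traffic: one benign search, one injection attempt,
    # one request to a path the allowlist has never heard of.
    samples = [
        Request("GET", "/search?q=laptops"),
        Request("GET", "/search?q=%27+OR+1%3D1"),
        Request("POST", "/admin/export"),
    ]
    for mode in MODES:
        for req in samples:
            print(f"{mode:8} {req.method} {req.target:32} -> {evaluate(req, mode)}")
```

The third sample is the instructive one: the negative model lets the unknown `/admin/export` request through because it carries no known signature, while the positive model blocks it simply because nothing approved it, which is the "denies unknown and default traffic" behaviour the text describes. The hybrid mode runs the allowlist first and still applies signatures to whatever it admits.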

Types of WAF

WAF offers protection to a range of enterprises and industries such as e-commerce, banking, and social media platforms that need data security for their back-end databases. It can be implemented in three ways:

  • Network-based is a hardware-based type of WAF installed in a local network but requires storage and maintenance, entailing cost. The appliance device can be expensive, but its deployment is scalable.
  • Host-based is a less expensive type that is integrated into the application with a number of customization options.
  • Cloud-based is the most affordable of the three and the easiest to implement, and it comes with regular updates. A cloud-based WAF is usually a security-as-a-service solution operated by a third-party provider.
