A web application firewall (WAF) is a security solution that filters, monitors, and blocks Hypertext Transfer Protocol (HTTP) traffic to protect web applications and the servers behind them. It applies a set of rules to the conversation between a web application and the internet, separating benign from malicious traffic and preventing potential threats from reaching the application.
Attacks on web applications and servers come in many forms, such as SQL injection, cross-site scripting (XSS), distributed denial of service (DDoS), file inclusion, security misconfigurations, cookie poisoning, field manipulation, parameter tampering, forced browsing, stealth commanding, and malware infections. Without a protective layer standing between the network and the application, attackers can reach the server and access a company's sensitive information.
A WAF shields an application from these vulnerabilities by routing clients through a rule-based filter before they connect to the server. In effect it acts as a reverse proxy: clients send their requests to the WAF, which screens them and then forwards the accepted traffic to the web application. Because it inspects both directions of the HTTP exchange, malicious content can be detected immediately and kept from reaching the server, protecting the system from attack.
Benefits of WAF
A WAF can run as a physical appliance, a server plugin, or a cloud service, and it provides the following advantages:
- Discovers a web application's security vulnerabilities and coding errors that need immediate fixes
- Prevents unauthorized transfer of sensitive data away from the application
- Complements other perimeter defense and protective systems such as firewalls and intrusion prevention tools
- Averts attacks that bypass the network firewalls and defends a web application without having to access its source code
- Allows users to quickly modify an application's protection settings in response to emerging security threats
Blacklist and whitelist WAFs
A WAF can follow a blacklist (negative security) model, a whitelist (positive security) model, or a hybrid of the two. A blacklist WAF protects against known attacks, denying requests that match signatures of harmful data and would otherwise expose an application's vulnerabilities. A whitelist WAF takes the opposite approach: it denies unknown traffic by default and allows only trusted, pre-approved requests.
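The following Python sketch is an added illustration of the two security models and is not code from the original article or any real WAF product. It applies a tiny constructed signature list (negative model) and a per-endpoint request schema (positive model) to query strings, and shows how the hybrid mode blocks when either model objects; the endpoints, parameters and rules are all assumed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Negative (blacklist) model: signatures of known-bad input.
# Constructed, deliberately small rule set; real WAF rule sets are far larger.
DENY_RULES = [
    ("xss-script-tag", re.compile(r"<\s*script", re.I)),
    ("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("sqli-tautology", re.compile(r"'\s*or\s*'?\d", re.I)),
    ("path-traversal", re.compile(r"\.\./")),
]

# Positive (whitelist) model: per-endpoint schema of permitted methods and parameters.
# Hypothetical endpoints; anything not listed here is denied by default.
ALLOW_SCHEMA = {
    "/search": {"methods": {"GET"}, "params": {"q": re.compile(r"[\w .-]{1,64}")}},
    "/user":   {"methods": {"GET"}, "params": {"id": re.compile(r"\d{1,10}")}},
}

def negative_check(url):
    """Return the names of deny rules matching any query value, or [] if none match."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = [v for vs in query.values() for v in vs]
    return [name for name, rx in DENY_RULES if any(rx.search(v) for v in values)]

def positive_check(method, url):
    """Return a reason if the request falls outside the schema, or None if it conforms."""
    parts = urlsplit(url)
    schema = ALLOW_SCHEMA.get(parts.path)
    if schema is None:
        return "unknown path"
    if method not in schema["methods"]:
        return "method not allowed"
    for name, vals in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in schema["params"]:
            return f"unexpected parameter {name!r}"
        if not all(schema["params"][name].fullmatch(v) for v in vals):
            return f"parameter {name!r} fails format check"
    return None

def decide(method, url, mode="hybrid"):
    """Return ('allow'|'block', reason). Hybrid blocks if either model objects."""
    if mode in ("negative", "hybrid"):
        hits = negative_check(url)
        if hits:
            return "block", "signature:" + ",".join(hits)
    if mode in ("positive", "hybrid"):
        reason = positive_check(method, url)
        if reason:
            return "block", "schema:" + reason
    return "allow", "ok"
```

Note how an unexpected parameter such as `/search?debug=1` passes the negative model (no signature matches) but is blocked by the positive model, which is exactly the trade-off between the two approaches.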
Types of WAF
WAF offers protection to a range of enterprises and industries such as e-commerce, banking, and social media platforms that need data security for their back-end databases. It can be implemented in three ways:
- Network-based WAFs are hardware appliances installed in the local network. They require storage and maintenance, which adds cost, and the appliance itself can be expensive, but deployment scales well.
- Host-based WAFs are a less expensive type integrated into the application software itself, offering a number of customization options.
- Cloud-based WAFs are the most affordable of the three and the easiest to implement, and they receive regular rule updates. A cloud-based WAF is usually a security-as-a-service offering operated by a third-party provider.