Application firewall

A Web Application Firewall (WAF), also called a Web Shield, is a method of protecting web applications against attacks carried over the Hypertext Transfer Protocol (HTTP). It is thus a special case of an application-level firewall (ALF) or application-level gateway (ALG).

Unlike traditional firewalls and Intrusion Detection Systems (IDS), a WAF examines the communication at the application level. This normally requires no change to the protected web application.

Protection

Attacks against which a WAF is designed to provide protection:

  • "Injection" attacks:
      • SQL Injection
      • Command Injection
      • LDAP Injection
      • Script Injection
      • XPath Injection

Operation

The WAF examines all incoming requests and the responses from the web server. If content is suspicious, access is prevented. To classify dangerous or prohibited actions, an application security scanner is often used in a preliminary learning phase. It analyzes the application, often in dialogue with a user, and creates profiles of permissible actions. Alternatively, the pages of the web application can be visited and the form fields they contain tried out by a kind of crawler or application security scanner. In that case the WAF runs in a kind of passive mode, that is, permitted and prohibited inputs are only recorded in a log file. The administrator can later see which actions would be blocked in live (enforcing) operation and can selectively allow them by setting up special rules. The specific procedures vary from vendor to vendor.

For example, if a form under examination defines two parameters, the WAF can block all requests to it that contain three or more parameters. Likewise, the length and the contents of the parameters can be checked. Simply by specifying general rules about the structure of parameters, such as a maximum length and a permitted range of values, many attacks can be prevented or at least made more difficult for the attacker.
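As an added example (not code from the original article or from any WAF product), the following Python script implements the learning-then-enforcing scheme just described: it derives a per-resource profile from constructed sample traffic (which parameters exist, the longest value seen for each, and a value class of digits, word or free text), then blocks requests that carry extra parameters, overlong values or values outside the learned class. The value classes, the length slack rule (twice the longest learned value plus four) and the sample traffic are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

# Value classes from most to least restrictive (an assumption for this example).
# During learning a parameter gets the most restrictive class that matches
# every value observed for it; enforcement rejects values outside that class.
VALUE_CLASSES = [
    ("digits", re.compile(r"^[0-9]+$")),
    ("word", re.compile(r"^[A-Za-z0-9_.-]+$")),
    ("text", re.compile(r"^[^\x00-\x08\x0b\x0c\x0e-\x1f\x7f]*$")),  # no control chars
]
CLASS_ORDER = [name for name, _ in VALUE_CLASSES]
CLASS_RX = dict(VALUE_CLASSES)


def classify(value):
    """Most restrictive class matching value, or None if it contains control characters."""
    for name, rx in VALUE_CLASSES:
        if rx.match(value):
            return name
    return None


@dataclass
class ParamProfile:
    max_len: int = 0
    cls: str = "digits"  # widened during learning as less restrictive values appear


@dataclass
class ResourceProfile:
    params: dict = field(default_factory=dict)  # parameter name -> ParamProfile


def parse_request(request):
    """A request here is a constructed (method, url, body) tuple.
    Returns the (method, path) key and the list of (name, value) parameters."""
    method, url, body = request
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    if method == "POST":
        params += parse_qsl(body, keep_blank_values=True)
    return (method, parts.path), params


class WAF:
    def __init__(self):
        self.profiles = {}
        self.mode = "learn"  # learn -> passive (log only) -> enforce (block)
        self.log = []

    def learn(self, request):
        key, params = parse_request(request)
        prof = self.profiles.setdefault(key, ResourceProfile())
        for name, value in params:
            cls = classify(value)
            if cls is None:
                continue  # never learn from a value containing control characters
            p = prof.params.setdefault(name, ParamProfile())
            p.max_len = max(p.max_len, len(value))
            if CLASS_ORDER.index(cls) > CLASS_ORDER.index(p.cls):
                p.cls = cls

    def violations(self, request):
        key, params = parse_request(request)
        prof = self.profiles.get(key)
        if prof is None:
            return ["unknown resource %s %s" % key]
        found = []
        if len(params) > len(prof.params):
            found.append("%d parameters, profile has %d" % (len(params), len(prof.params)))
        for name, value in params:
            p = prof.params.get(name)
            if p is None:
                found.append("unexpected parameter %r" % name)
                continue
            limit = 2 * p.max_len + 4  # slack over the longest learned value (assumed rule)
            if len(value) > limit:
                found.append("%s: length %d exceeds %d" % (name, len(value), limit))
            if not CLASS_RX[p.cls].match(value):
                found.append("%s: value not in class %s" % (name, p.cls))
        return found

    def filter(self, request):
        """Returns ('allow' | 'block', violations) according to the current mode."""
        if self.mode == "learn":
            self.learn(request)
            return "allow", []
        found = self.violations(request)
        if found and self.mode == "passive":
            self.log.append((request, found))  # what enforce mode would have blocked
            return "allow", found
        return ("block" if found else "allow"), found


# Constructed legitimate traffic for the learning phase.
LEGITIMATE_TRAFFIC = [
    ("GET", "/search?q=laptop&page=1", ""),
    ("GET", "/search?q=wireless+mouse&page=12", ""),
    ("POST", "/login", "user=alice&pass=Sup3r-secret!"),
    ("POST", "/login", "user=bob_smith&pass=hunter2"),
]


def build_demo_waf():
    waf = WAF()
    for req in LEGITIMATE_TRAFFIC:
        waf.filter(req)
    waf.mode = "enforce"
    return waf


if __name__ == "__main__":
    waf = build_demo_waf()
    for req in [("GET", "/search?q=laptop&page=1%27%20OR%201%3D1--", ""),
                ("GET", "/search?q=laptop&page=1&debug=1", ""),
                ("POST", "/login", "user=carol&pass=x")]:
        print(waf.filter(req), req)
```

After learning, the `page` parameter of `/search` is profiled as digits with a length limit of 8, so `page=1' OR 1=1--` is rejected twice over (too long, not digits), and a third parameter on the two-parameter form is rejected as well. The same profile allows `pass=<script>`, because `pass` had to be learned as free text: a positive model of this kind catches deviations from learned structure, not every malicious payload, which is why the article's later point about bypasses still holds.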

Types

The following types are distinguished by their position in the network and server topology:

  • Reverse Proxy
  • Appliance
  • Integrated directly into the web server (e.g. Hiawatha)
  • Plugin for Web Servers
  • Passive Device (IDS )

Because of its central position, a WAF is the natural place to examine all requests to an application and, where necessary, to correct or discard them, much like a firewall.

Benefits

  • Multiple levels of protection (additional protection on top of the filters already in the application)
  • Security gaps can be closed at once for multiple applications behind the WAF
  • Protection of applications that cannot be updated (legacy systems)
  • A way to protect vulnerable third-party applications until their vendors have fixed them

Disadvantages

  • Vulnerabilities may still be exploitable by bypassing the WAF
  • Differences in request processing between the WAF and the web server make new attacks possible (for example, HTTP Request Smuggling)
  • Disruption of services due to overly restrictive or misconfigured filters
  • Applications that use active content on the client side (e.g. JavaScript) are poorly supported or require significant configuration effort
  • The use of a WAF can lead to carelessness in application development; however, a WAF is no substitute for secure application development
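Added illustration (not code from the original article) of the request-smuggling disadvantage named above: the same constructed byte stream is framed once by a component that honours only Content-Length, as a non-conformant front end might, and once by a component that honours Transfer-Encoding: chunked, which RFC 7230 requires to take precedence when both headers are present. The framer is a deliberately minimal toy written for this example; it assumes well-formed headers and no chunk trailers.

```python
def read_chunked(data):
    """Parse a chunked body from the start of data; return (body, remaining bytes).
    Assumes no trailer fields after the terminating 0-size chunk."""
    body = b""
    pos = 0
    while True:
        eol = data.index(b"\r\n", pos)
        size = int(data[pos:eol].split(b";")[0], 16)  # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            end = data.index(b"\r\n", pos)  # the empty line closing the body
            return body, data[end + 2:]
        body += data[pos:pos + size]
        pos += size + 2  # chunk data plus its trailing CRLF


def frame(stream, policy):
    """Split an HTTP/1.1 byte stream into (method, target, body) requests.
    policy is 'content-length' (CL always wins) or 'transfer-encoding'
    (chunked framing wins when present, as the RFC requires)."""
    requests = []
    while stream:
        sep = stream.find(b"\r\n\r\n")
        if sep < 0:
            raise ValueError("incomplete request head")
        head, rest = stream[:sep], stream[sep + 4:]
        lines = head.decode("ascii").split("\r\n")
        method, target, _ = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        chunked = "chunked" in headers.get("transfer-encoding", "").lower()
        if policy == "transfer-encoding" and chunked:
            body, stream = read_chunked(rest)
        else:
            length = int(headers.get("content-length", "0"))
            body, stream = rest[:length], rest[length:]
        requests.append((method, target, body))
    return requests


def smuggled_targets(stream):
    """Request targets the back end (TE framing) sees that the front end
    (CL framing) never saw as a request of its own."""
    seen_by_front_end = {t for _, t, _ in frame(stream, "content-length")}
    seen_by_back_end = [t for _, t, _ in frame(stream, "transfer-encoding")]
    return [t for t in seen_by_back_end if t not in seen_by_front_end]


# Constructed stream: one POST carrying both headers. Its Content-Length covers
# the whole tail, so a CL-only front end sees a single harmless POST /search,
# while a TE-honouring back end ends the chunked body at "0\r\n\r\n" and then
# parses the rest as a second request, GET /admin, that was never inspected.
SMUGGLED_TAIL = b"GET /admin HTTP/1.1\r\nHost: app\r\n\r\n"
SMUGGLED_BODY = b"0\r\n\r\n" + SMUGGLED_TAIL
SMUGGLED_STREAM = (
    b"POST /search HTTP/1.1\r\nHost: app\r\n"
    + b"Content-Length: %d\r\n" % len(SMUGGLED_BODY)
    + b"Transfer-Encoding: chunked\r\n\r\n"
    + SMUGGLED_BODY
)

# Constructed stream with unambiguous framing: both policies agree.
NORMAL_STREAM = (
    b"POST /search HTTP/1.1\r\nHost: app\r\nContent-Length: 8\r\n\r\nq=laptop"
    b"GET / HTTP/1.1\r\nHost: app\r\n\r\n"
)

if __name__ == "__main__":
    for name, stream in [("smuggled", SMUGGLED_STREAM), ("normal", NORMAL_STREAM)]:
        print(name, "front end:", [r[:2] for r in frame(stream, "content-length")])
        print(name, "back end: ", [r[:2] for r in frame(stream, "transfer-encoding")])
        print(name, "smuggled: ", smuggled_targets(stream))
```

The mitigation follows from the example: the WAF and the server behind it must use the same framing rules (reject or normalise requests carrying both Content-Length and Transfer-Encoding), or the second request slips past every rule the WAF applies.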