Application Security – Web Application Firewall
WHAT IS WEB APPLICATION SECURITY
Web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in an application’s code. Common targets for web application attacks are content management systems (e.g., WordPress), database administration tools (e.g., phpMyAdmin) and SaaS applications.
Perpetrators consider web applications high-priority targets due to:
- The inherent complexity of their source code, which increases the likelihood of unattended vulnerabilities and malicious code manipulation.
- High value rewards, including sensitive private data collected from successful source code manipulation.
- Ease of execution, as most attacks can be easily automated and launched indiscriminately against thousands, or even tens or hundreds of thousands of targets at a time.
Organizations failing to secure their web applications run the risk of being attacked. Among other consequences, this can result in information theft, damaged client relationships, revoked licenses and legal proceedings.
WEB APPLICATION FIREWALL (WAF)
Web application firewalls (WAFs) are hardware and software solutions used for protection from application security threats. These solutions are designed to examine incoming traffic to block attack attempts, thereby compensating for any code sanitization deficiencies.
By securing data from theft and manipulation, WAF deployment meets a key criteria for PCI DSS certification. Requirement 6.6 states that all credit and debit cardholder data held in a database must be protected.
Generally, deploying a WAF doesn’t require making any changes to an application, as it is placed ahead of its DMZ at the edge of a network. From there, it acts as a gateway for all incoming traffic, blocking malicious requests before they have a chance to interact with an application.
WAFs use several different heuristics to determine which traffic is given access to an application and which needs to be weeded out. A constantly-updated signature pool enables them to instantly identify bad actors and known attack vectors.
Almost all WAFs can be custom-configured for specific use cases and security policies, and to combat emerging (a.k.a., zero-day) threats. Finally, most modern solutions leverage reputational and behavior data to gain additional insights into incoming traffic.
WAFs are typically integrated with other security solutions to form a security perimeter. These may include distributed denial of service (DDoS) protection services that provide additional scalability required to block high-volume attacks.