- A traditional firewall cannot secure web servers from malicious application traffic, because those attacks occur at layer 7 (the application layer) of the network stack
- A WAF adds a security layer that protects the web server from this malicious traffic
- A WAF is either appliance-based or cloud-based and is deployed as a proxy placed in front of the web application
- It uses a rule-based filter that monitors and analyzes traffic before it reaches the web application

Benefits of WAF
- A WAF deployment secures existing, production web applications
- Many WAFs have functionality that can be used during the design process, minimizing the workload
- A WAF protects cookies with encryption and signing
- It secures applications against cross-site request forgery and prevents parameter tampering by encrypting URLs
- A WAF can detect data-validation issues through in-depth checks of character set, character length, the range of a value, etc.
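The cookie protection mentioned above, shown as an added example rather than code from any WAF product: the signing half of "encryption and signature" is implemented with an HMAC over the cookie value (the encryption half, which additionally hides the value from the client, is left out here to keep the example to the standard library). The key, cookie values and helper names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
from typing import Optional

# Constructed secret; a real deployment keeps this server-side and rotates it.
COOKIE_KEY = b"constructed-example-key-not-for-production"


def sign_cookie(value: str, key: bytes = COOKIE_KEY) -> str:
    """Return <base64(value)>.<base64(HMAC-SHA256(key, value))>.

    The client receives the value plus a signature it cannot recompute
    without the key, so any change to the value is detectable on return.
    """
    raw = value.encode("utf-8")
    mac = hmac.new(key, raw, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(raw).decode("ascii")
            + "." + base64.urlsafe_b64encode(mac).decode("ascii"))


def verify_cookie(cookie: str, key: bytes = COOKIE_KEY) -> Optional[str]:
    """Return the original value if the signature is valid, else None.

    Malformed input (missing separator, bad base64, non-UTF-8 payload)
    is treated exactly like a bad signature: the cookie is rejected.
    """
    try:
        value_b64, mac_b64 = cookie.split(".", 1)
        raw = base64.urlsafe_b64decode(value_b64)
        mac = base64.urlsafe_b64decode(mac_b64)
        value = raw.decode("utf-8")
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None
    expected = hmac.new(key, raw, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(mac, expected):
        return None
    return value


def with_value_replaced(cookie: str, new_value: str) -> str:
    """Rebuild a cookie with a different value but the ORIGINAL signature.

    This is the tampering case the signature is meant to catch; it exists
    here only so the rejection path can be exercised offline.
    """
    _, mac_b64 = cookie.split(".", 1)
    return base64.urlsafe_b64encode(new_value.encode("utf-8")).decode("ascii") + "." + mac_b64


if __name__ == "__main__":
    issued = sign_cookie("session=abc123;role=user")
    print("valid   ->", verify_cookie(issued))
    print("tampered->", verify_cookie(with_value_replaced(issued, "session=abc123;role=admin")))
    print("wrong key->", verify_cookie(issued, b"some-other-key"))
```

The proxy verifies every inbound cookie before forwarding the request, so the application behind it only ever sees values it issued itself.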

WAF Limitations
- Do not treat a WAF as a replacement for proper application security such as user authentication or input filtering
- A WAF is not a technology that can be deployed once and then ignored by the administrator
- A WAF works differently from a next-generation firewall (NGFW): a WAF inspects traffic for a particular protocol, whereas an NGFW can make changes in the existing network
- A WAF does not provide complete protection from all web attacks, as it cannot read database commands
- Only if the WAF manages the session itself can it partially prevent issues such as session fixation and anti-automation
- Deploying a WAF does not guarantee freedom from false positives
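An added example, not code from any WAF product, that ties the rule-based proxy stage described at the top of the page to the false-positive limitation listed last. Requests are plain dicts so it runs offline, the three rules mirror the data-validation checks listed under the benefits (character set, length, numeric range), and the thresholds are constructed and deliberately tight so that a legitimate request is blocked: a name such as O'Brien fails the character-set rule, which is exactly the kind of false positive an administrator has to tune away after deployment.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterator, List, Optional

# A request as the proxy sees it (constructed shape, not a real framework object).
Request = Dict[str, object]


@dataclass
class Rule:
    rule_id: str
    description: str
    check: Callable[[Request], bool]  # True means the rule matched: block


def _params(req: Request) -> Dict[str, str]:
    return req.get("query", {})  # type: ignore[return-value]


def _values(req: Request) -> Iterator[str]:
    """Yield every query-parameter value for inspection."""
    yield from _params(req).values()


# Constructed validation rules in the style of the benefits list above.
def too_long(req: Request) -> bool:
    return any(len(v) > 64 for v in _values(req))


def page_out_of_range(req: Request) -> bool:
    page = _params(req).get("page")
    return page is not None and not (page.isdigit() and 1 <= int(page) <= 1000)


NAME_CHARS = re.compile(r"^[A-Za-z0-9 .\-]*$")


def bad_name_chars(req: Request) -> bool:
    name = _params(req).get("name")
    return name is not None and not NAME_CHARS.match(name)


RULES: List[Rule] = [
    Rule("len-001", "parameter longer than 64 characters", too_long),
    Rule("rng-001", "page parameter outside 1..1000", page_out_of_range),
    Rule("chr-001", "name contains characters outside [A-Za-z0-9 .-]", bad_name_chars),
]


def inspect(req: Request, rules: List[Rule] = RULES) -> Optional[str]:
    """Return the id of the first matching rule, or None if the request passes."""
    for rule in rules:
        if rule.check(req):
            return rule.rule_id
    return None


def forward(req: Request, backend: Callable[[Request], dict], rules: List[Rule] = RULES) -> dict:
    """Proxy stage: block on a rule hit, otherwise hand the request to the backend."""
    hit = inspect(req, rules)
    if hit is not None:
        return {"status": 403, "body": f"blocked by rule {hit}"}
    return backend(req)


def echo_backend(req: Request) -> dict:
    """Stand-in for the protected application."""
    return {"status": 200, "body": "ok"}


if __name__ == "__main__":
    samples = [
        {"method": "GET", "path": "/search", "query": {"q": "a" * 65}},      # length rule
        {"method": "GET", "path": "/list", "query": {"page": "0"}},          # range rule
        {"method": "GET", "path": "/user", "query": {"name": "Ann Lee"}},    # passes
        {"method": "GET", "path": "/user", "query": {"name": "O'Brien"}},    # FALSE POSITIVE
    ]
    for s in samples:
        print(s["query"], "->", forward(s, echo_backend))
```

The last sample is the point: the rule did what it was written to do, the request was legitimate, and nothing in the WAF itself tells the two apart. That is why deployment is followed by log review and rule tuning rather than treated as finished.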