Web applications are at the heart of businesses today due to numerous advantages: improved efficiencies, cost reduction and more. However, their security becomes an issue of paramount importance. Applications are vulnerable to theft of sensitive data such as account numbers, personal information, corporate data and financial records. A crucial security measure to prevent such theft is the deployment of a Web Application Firewall (WAF).
A Web Application Firewall can be either software or hardware appliance based and acts as a security layer protecting the web server from intrusion or attacks. It works at OSI layer 7 and checks all requests and responses within the HTTP/HTTPS/SOAP/XML-RPC/Web Service layers. The primary purpose of this firewall is to restrict access to the ports and services that an administrator wants to protect. Common attacks include Cross-site Scripting (XSS) and SQL Injection. In cross-site scripting, malicious code is injected into the website, generally in the form of a browser script. When this script gets executed in the browser of the end user, it can access cookies, session tokens and other sensitive information retained by the browser. Similarly, in an SQL Injection attack, the attacker can access sensitive data in the database and modify it. In order to prevent such attacks, a firewall should perform validation of all headers, cookies, query strings and hidden fields.
The validation should not hamper the active content in any way. Network firewalls that operate at layer 3 are not capable of preventing these attacks. Some of you might be wondering whether employing SSL would ensure that data is safe. However, SSL protects data during transmission but not at the end points. A good thing about a WAF is that the application source code need not be modified. It can be negative or positive model based. The negative model works by checking for attack signatures from an existing database of signatures, by performing pattern matching. In this case, timely signature updates from the vendor are an important criterion. In the positive model, the WAF checks for any irregular behavior that does not fit the regular traffic pattern. Security policies are enforced at a granular level by building a model of legitimate user interactions, so that unwanted traffic not adhering to the policies is blocked. This model gives the administrator the flexibility to define rules according to the needs of the application.
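As an added illustration of the two models described above (example code written for this note, not part of the original post or of any WAF product), the following Python inspector runs both a signature-based negative check and a profile-based positive check over the headers, cookies, query string and form fields (including hidden fields) of a request. The request shape, the signature list, the per-application profile and all sample requests are constructed assumptions; a real WAF decodes and normalizes input far more thoroughly before matching, and the point here is only to show how the two models complement each other.

```python
import re
from urllib.parse import parse_qs

# Negative model: a small, illustrative signature database (assumed, not vendor rules).
SIGNATURES = [
    ("xss_script_tag", re.compile(r"<\s*script\b", re.I)),
    ("xss_event_handler", re.compile(r"\bon\w+\s*=", re.I)),
    ("sqli_tautology", re.compile(r"'\s*or\s+'?\d*'?\s*=\s*'?\d*", re.I)),
    ("sqli_comment", re.compile(r"(--|/\*|#)\s*$")),
    ("sqli_union", re.compile(r"\bunion\b.+\bselect\b", re.I)),
]

# Positive model: what legitimate traffic for this (hypothetical) application looks like.
PROFILE = {
    ("query", "id"): re.compile(r"^\d{1,9}$"),
    ("query", "page"): re.compile(r"^[a-z_]{1,32}$"),
    ("form", "username"): re.compile(r"^[A-Za-z0-9_.-]{3,32}$"),
    ("form", "csrf_token"): re.compile(r"^[a-f0-9]{32}$"),  # hidden field
    ("cookie", "session"): re.compile(r"^[A-Za-z0-9]{16,64}$"),
}
ALLOWED_HEADERS = {"host", "user-agent", "accept", "content-type", "content-length"}


def fields_to_check(request):
    """Yield (location, name, value) for every header, cookie, query parameter and form field.

    The request is an assumed dict shape: headers, cookies and form are dicts,
    query is the raw (percent-encoded) query string, decoded here before matching.
    """
    for name, value in request.get("headers", {}).items():
        yield ("header", name, value)
    for name, value in request.get("cookies", {}).items():
        yield ("cookie", name, value)
    for name, values in parse_qs(request.get("query", ""), keep_blank_values=True).items():
        for value in values:
            yield ("query", name, value)
    for name, value in request.get("form", {}).items():
        yield ("form", name, value)


def negative_model(request):
    """Return (location, field, signature_name) for every field that matches a signature."""
    hits = []
    for location, name, value in fields_to_check(request):
        for sig_name, pattern in SIGNATURES:
            if pattern.search(value):
                hits.append((location, name, sig_name))
    return hits


def positive_model(request):
    """Return (location, field, reason) for every field outside the declared profile."""
    violations = []
    for location, name, value in fields_to_check(request):
        if location == "header":
            if name.lower() not in ALLOWED_HEADERS:
                violations.append((location, name, "unexpected header"))
            continue
        pattern = PROFILE.get((location, name))
        if pattern is None:
            violations.append((location, name, "unknown field"))
        elif not pattern.fullmatch(value):
            violations.append((location, name, "value outside expected format"))
    return violations


def inspect(request):
    """Combine both models: block if either a signature fires or the profile is violated."""
    hits = negative_model(request)
    violations = positive_model(request)
    return {
        "decision": "block" if hits or violations else "allow",
        "signature_hits": hits,
        "profile_violations": violations,
    }


# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = {
    "headers": {"Host": "app.example", "User-Agent": "Mozilla/5.0"},
    "cookies": {"session": "a1b2c3d4e5f6g7h8"},
    "query": "id=42&page=profile",
    "form": {"username": "alice_01", "csrf_token": "0123456789abcdef0123456789abcdef"},
}
XSS_REQUEST = dict(BENIGN_REQUEST, query="id=42&page=%3Cscript%3Ealert(1)%3C/script%3E")
SQLI_REQUEST = dict(BENIGN_REQUEST, query="id=1%27%20OR%20%271%27%3D%271&page=profile")
# No signature matches this one; only the positive model notices the extra parameter.
UNPROFILED_REQUEST = dict(BENIGN_REQUEST, query="id=42&page=profile&debug=1")

if __name__ == "__main__":
    for label, req in [("benign", BENIGN_REQUEST), ("xss", XSS_REQUEST),
                       ("sqli", SQLI_REQUEST), ("unprofiled", UNPROFILED_REQUEST)]:
        print(label, inspect(req))
```

The `UNPROFILED_REQUEST` case is the one worth noticing: a signature database can only flag what it already knows, whereas the positive model rejects any parameter or value shape the application never declared. In practice the profile is the expensive part, since it must be learned or written per application and maintained as the application changes.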
A WAF can be implemented as an appliance-based solution or as server-side software. In the case of a server-side solution, the software has to be installed on each server and configured separately. This process is time consuming, but one can save costs on hardware. However, if the software crashes, then the server will also have to be shut down. When a WAF is implemented as an appliance-based solution, deployment takes less time. A single appliance can protect multiple servers after it has been configured. Also, in case the appliance fails, it will not bring down the server with it, and traffic can be re-routed quickly.
Copyright Techfuels