Today we will discuss the Web Application Firewall (WAF). A web application firewall is a firewall that filters, monitors, and blocks HTTP/S traffic to and from a web application. A WAF is slightly different from a typical firewall: a WAF can filter the contents of a web application, whereas a typical firewall acts as a secure gate or entry point.
Today the world is moving towards e-commerce and online apps for most needs. We can see a huge number of online shopping platforms arising. Even banks offer most of their services through online platforms. It is not just the platforms that are increasing; the intruders are increasing too. This is where a WAF becomes important.
A WAF can secure the application from many things:
- SQL Injection.
- Cross-site scripting (XSS).
- Security misconfiguration.
- Monitor the traffic to the application.
How does a Web Application Firewall protect the application?
A Web Application Firewall is a special type of application firewall that applies specifically to web applications. It is deployed in front of web applications and analyzes bi-directional web-based (HTTP/S) traffic – detecting and blocking anything malicious. It protects the web application by controlling its input and output and the access to and from the application.
A WAF can be either network-based or host-based and is typically deployed through a proxy and placed in front of one or more Web applications. In real time or near-real time, it monitors traffic before it reaches the Web application, analyzing all requests and tracing harmful traffic using a rule base.
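To make the rule-base idea concrete, here is an added Python example (not part of the original post and not the code of any WAF product) that inspects request parameters the way a proxy-side filter would, decoding them repeatedly so that double-encoded input is still checked. The rule IDs, patterns and sample requests are constructed for illustration; real rule sets are far larger.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Hypothetical, deliberately small rule base: (rule id, attack class, pattern).
RULES = [
    ("R100", "SQL injection", re.compile(
        r"['\"]\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|;\s*drop\s+table",
        re.IGNORECASE)),
    ("R200", "Cross-site scripting", re.compile(
        r"<\s*script\b|javascript:|on(error|load)\s*=", re.IGNORECASE)),
]

def normalize(value, rounds=3):
    """URL-decode repeatedly so double-encoded values are seen in plain form."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(method, url, body=""):
    """Return (verdict, matches); verdict is 'block' if any rule fires."""
    fields = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if method in ("POST", "PUT"):
        # Form-encoded bodies carry parameters too, so inspect them as well.
        fields += parse_qsl(body, keep_blank_values=True)
    matches = []
    for name, value in fields:
        clean = normalize(value)
        for rule_id, label, pattern in RULES:
            if pattern.search(clean):
                matches.append((rule_id, label, name))
    return ("block" if matches else "allow", matches)

# Constructed sample requests: one benign, one SQLi-style, one double-encoded XSS.
SAMPLES = [
    ("GET", "/products?category=shoes&page=2", ""),
    ("GET", "/item?id=1%27%20OR%201%3D1--", ""),
    ("POST", "/comment", "text=%253Cscript%253Ealert(1)%253C%2Fscript%253E"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        verdict, matches = inspect(method, url, body)
        print(f"{method} {url} -> {verdict} {matches}")
```

The third sample only matches because of the repeated decoding in normalize(); checking the value after a single decode would let it through.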
There are a lot of web application firewalls available on the market today. Some of the most common are listed here for your research.
- Barracuda Networks WAF.
- Citrix NetScaler Application Firewall.
- Imperva SecureSphere.
- F5 Big-IP Application Security Manager.
For open source supporters, ModSecurity could be a good choice.