July 10, 2018 by Agnes Talalaev
Website attacks, and cyber attacks in general, are growing in number every day, and the importance of security in our daily lives is increasing rapidly.
So, being secure in the online world becomes more important every day, and protecting your website and the data it holds is now essential. Therefore, we’ll explain what a web application firewall is and why it is important.
For example, according to currently available statistics, 64% of companies have experienced web-based attacks, 62% have experienced phishing and social engineering attacks, and 59% have experienced malicious code and botnets. (source)
When it comes to website security and CMS security, infections are also rising steadily. For example, WordPress continues to be the most frequently infected CMS.
On average, about 30,000 to 50,000 websites get hacked every day, and in reality the majority of these 30,000 sites are legitimate small businesses that are unwittingly distributing malicious code for cybercriminals.
A web interface facing the public internet has typically been considered the most exposed and “risky” component when it comes to vulnerabilities, so websites are one of the main targets for hackers.
The most common types of attacks targeted to websites are cross-site scripting (XSS), SQL injection, and Arbitrary Remote Code Execution.
After you leave your home or office, you lock your doors. It’s elementary, right? But just as you lock your office or home door, you should also have a “lock” on your home on the internet.
It is important because occasionally there can be someone with malicious intent who could walk in and steal your data.
To keep your website safe, you have some options to decide between: you can do the manual work and harden your site with your own knowledge or with the help of an expert. That also includes constant updates, manual monitoring, backups, and patches.
Or you can get some help and let a web application firewall do the dirty work for you. To build layers of security around your site, you should have a security system that serves as your website’s first line of defense against hacking attacks. A web application firewall is that first line of defense.
So, what is a WAF? A web application firewall (WAF for short) is an application firewall that monitors, filters and blocks traffic that may be harmful to your site.
In other words, web application firewalls detect and block malicious traffic before it reaches the actual web server.
A web application firewall, and a firewall in general, consists of multiple components working together to block malicious traffic and avoid false positives.
A web application firewall differs from a traditional firewall in that it does more than block specific IP addresses or ports: it looks deeper into web traffic for signs of an attack or an attempted injection. It is also customizable, with many possible rules specific to different applications.
A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. (source)
The whitelist is a list of “good” things that are allowed through the firewall rules without being checked for malicious traffic. Let’s say we have a form that accepts HTML code by design; we want to put that form on the whitelist to prevent false positives for XSS/HTML injection.
A blacklist is the complete opposite of a whitelist and contains a list of “bad” things that should not pass through the firewall.
A hybrid is a combination of both a whitelist and a blacklist. Nowadays, it is the most common technique used by modern firewalls.
Signature-based detection falls more into intrusion detection than into firewalls. However, many modern firewalls include this functionality, which looks for specific patterns that are known to be malicious and blocks those requests.
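To make the whitelist, blacklist, hybrid and signature-based ideas above concrete, here is a small added example of a hybrid request filter written for this article; it is not code from the original post or from any real WAF product. Everything in it is an assumption for illustration: the `Request`/`WafPolicy` structures, the two toy signature patterns, the constructed sample requests and the constructed `203.0.113.9` address. A blacklisted client address is dropped outright (what a traditional firewall would do), a whitelisted `(path, field)` pair that accepts HTML by design is skipped so it does not produce a false positive, and every other parameter is decoded and checked against the signature list.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple
from urllib.parse import unquote_plus

# Signature rules (the blacklist side): (rule id, description, pattern).
# Constructed teaching patterns only; a production WAF ships thousands of
# far more careful rules and handles many more encodings than this does.
SIGNATURES = [
    ("xss-tag", "script tag or inline event handler",
     re.compile(r"<\s*script\b|\bon(?:error|load|click)\s*=", re.IGNORECASE)),
    ("sqli-tautology", "SQL tautology, comment sequence or UNION SELECT",
     re.compile(r"""['"]\s*(?:or|and)\s+[\w'"]+\s*=\s*[\w'"]+|--\s|/\*|\bunion\s+select\b""",
                re.IGNORECASE)),
]


@dataclass
class Request:
    """Assumed minimal view of an HTTP request as the filter sees it."""
    method: str
    path: str
    query: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)
    client_ip: str = "0.0.0.0"


@dataclass
class Decision:
    allowed: bool
    rule: Optional[str] = None
    reason: str = ""


@dataclass
class WafPolicy:
    blocked_ips: Set[str]                    # blacklist: dropped before any inspection
    html_fields: Set[Tuple[str, str]]        # whitelist: (path, field) pairs that accept HTML by design
    exempt_path_prefixes: Tuple[str, ...]    # whitelist: paths never inspected (e.g. static assets)


def inspect_value(value: str):
    """Return (rule id, description) of the first matching signature, or None."""
    decoded = unquote_plus(value)  # inspect the decoded form so %3Cscript%3E is seen as <script>
    for rule_id, description, pattern in SIGNATURES:
        if pattern.search(decoded):
            return rule_id, description
    return None


def evaluate(req: Request, policy: WafPolicy) -> Decision:
    """Hybrid evaluation: IP blacklist, then path/field whitelist, then signatures."""
    if req.client_ip in policy.blocked_ips:
        return Decision(False, "ip-blacklist", f"client {req.client_ip} is on the blocklist")
    if any(req.path.startswith(prefix) for prefix in policy.exempt_path_prefixes):
        return Decision(True, None, "path exempt from inspection")
    for source, params in (("query", req.query), ("form", req.form)):
        for name, value in params.items():
            if (req.path, name) in policy.html_fields:
                continue  # HTML is expected in this field; skip the signature check
            hit = inspect_value(value)
            if hit:
                rule_id, description = hit
                return Decision(False, rule_id, f"{description} in {source} parameter '{name}'")
    return Decision(True, None, "no signature matched")


# Constructed policy and sample traffic for demonstration.
POLICY = WafPolicy(
    blocked_ips={"203.0.113.9"},                 # constructed address from the TEST-NET-3 range
    html_fields={("/blog/comment", "body")},     # the comment form accepts HTML by design
    exempt_path_prefixes=("/static/",),
)

LEGIT_HTML = '<a href="#" onclick="toggle()">more</a>'  # harmless, but trips a naive XSS rule

SAMPLE_REQUESTS = [
    Request("GET", "/search", query={"q": "firewall rules"}),
    Request("GET", "/search", query={"q": "<script>alert(1)</script>"}),
    Request("POST", "/blog/comment", form={"body": LEGIT_HTML}),   # whitelisted field
    Request("POST", "/profile", form={"bio": LEGIT_HTML}),         # same HTML, not whitelisted
    Request("GET", "/login", query={"user": "admin' OR '1'='1"}),
    Request("GET", "/", client_ip="203.0.113.9"),
]


def run_samples():
    return [evaluate(r, POLICY) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for req, decision in zip(SAMPLE_REQUESTS, run_samples()):
        verdict = "ALLOW" if decision.allowed else f"BLOCK [{decision.rule}]"
        print(f"{req.method} {req.path}: {verdict} ({decision.reason})")
```

The third and fourth sample requests carry the same HTML; the whitelist lets it through on the comment form, where HTML is expected, and the signature rule blocks it on the profile form. That pairing is the false-positive trade-off the article describes: the whitelist is what keeps a legitimate feature working, and it must be scoped to exactly the path and field that need it.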
Hackers are always innovating and finding new ways to get access to your site. This means that having good security-minded coding techniques and implementing security measures during the coding process may not be enough.
PCI DSS 3.1 requirement 6.6 suggests a WAF:
“Installing an automated technical solution that detects and prevents web based attacks (for example, a web application firewall) in front of public facing web applications, to continually check all traffic”.
Keep in mind that a web application firewall is a highly specialized security tool specifically designed to protect web applications, so if this is the only security-related investment your company makes, then in today’s world it is unfortunately still not enough.